Bill Text: HI SB431 | 2010 | Regular Session | Introduced
Bill Title: Personally Identifiable Financial Information; Unauthorized Disclosure; Remedy
Spectrum: Strong Partisan Bill (Democrat 15-1)
Status: (Introduced - Dead) 2009-05-11 - Carried over to 2010 Regular Session. [SB431 Detail]
Download: Hawaii-2010-SB431-Introduced.html
Report Title:
Personally Identifiable Financial Information; Unauthorized Disclosure; Remedy
Description:
Requires public or private entities responsible for the inadvertent, unauthorized disclosure of personally identifiable financial information to pay for access to credit reports for at least 1 year.
|
THE SENATE |
S.B. NO. |
431 |
|
TWENTY-FIFTH LEGISLATURE, 2009 |
|
|
|
STATE OF HAWAII |
|
|
|
|
|
|
|
|
||
|
|
||
A BILL FOR AN ACT
relating to information.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
SECTION 1. Chapter 487, Hawaii Revised Statutes, is amended by adding a new section to be appropriately designated and to read as follows:
"§487- Inadvertent, unauthorized disclosure of personal financial information by public or private entities; duty to notify and pay for credit monitoring reports. (a) Any public or private entity responsible for an inadvertent, unauthorized disclosure of personally identifiable financial information that may result in a crime being committed under section 708-839.6, 708-839.7, or 708-839.8 shall be liable for the costs of providing each person whose personally identifiable financial information was disclosed with, at a minimum, a one year subscription to a credit reporting agency's services.
(b) No later than three calendar days after a public or private entity's discovery of an inadvertent, unauthorized disclosure of personally identifiable financial information, the public or private entity responsible for the inadvertent, unauthorized disclosure of personally identifiable financial information shall provide the executive director of the office of consumer protection and each person whose personally identifiable financial information was inadvertently disclosed without the person's authorization with notice of the disclosure, the requirements imposed upon the responsible entity, and the credit monitoring and reporting options available to the person pursuant to this section.
(c) No later than seven calendar days after a public or private entity's discovery of an inadvertent, unauthorized disclosure of personally identifiable financial information, the public or private entity responsible for the inadvertent, unauthorized disclosure of personally identifiable financial information shall provide each person with a choice of not less than two credit reporting agencies from which the person may select to subscribe. The person, if the person so chooses, shall select a credit reporting agency and the credit monitoring and reporting services that the person requires and shall inform the responsible public or private entity of the person's selection. If a person elects not to subscribe to any credit monitoring and reporting services offered by a credit reporting agency, the person shall notify the responsible public or private entity in writing of the person's choice to not subscribe to any credit monitoring or reporting services. The public or private entity responsible for the inadvertent, unauthorized disclosure of the person's personally identifiable financial information shall keep a record of each person's credit monitoring and reporting services selection, or election to not subscribe to such services, for at least three years after the receipt by the public or private entity of a person's selection or election under this subsection.
(d) The responsible public or private entity shall enroll the person into the credit monitoring and reporting plan of the person's choice within seven calendar days of receipt of a person's selection made under subsection (c) and shall pay all costs associated with the one year subscription of the services of the selected credit reporting agency.
(e) For the purposes of this section:
"Credit reporting agency" means a nationwide consumer credit reporting agency, such as Equifax, Experian, or TranUnion, or any successor entity thereof, that provides consumer credit monitoring and reporting services.
"Inadvertent, unauthorized disclosure" or "disclosure" means any compromising of sensitive, personal, or financial information that could result in a person being a victim of identity theft under section 708-839.6, 708-839.7, or 708-839.8. The term does not include any wilful or wanton act by a public or private entity or employee or agent thereof that could or does result in a crime being committed under section 708-839.6, 708‑839.7, or 708-839.8.
"Personally identifiable financial information" means any sensitive, personal, or financial information that, if inappropriately disclosed or obtained, could result in a person being a victim of identity theft under section 708-839.6, 708-839.7, or 708‑839.8.
"Public or private entity", in the case of a public entity, has the same meaning as "government entity" as that term is defined in section 663-10.5. In the case of a private entity, the term includes a sole proprietorship, corporation, limited liability company, association, partnership, joint stock company, joint venture, mutual fund, trust, joint tenancy, or other similar form of business organization or other legal entity, whether organized for-profit or not-for-profit.
(f) The executive director of the office of consumer protection may adopt rules in accordance with chapter 91 to effectuate this section."
SECTION 2. New statutory material is underscored.
SECTION 3. This Act shall take effect upon its approval.
|
INTRODUCED BY: |
_____________________________ |
|
|
|
